| Título | FoundationAgents MetaGPT 0.8.2 Command Injection |
|---|
| Descrição | MetaGPT (GitHub project: https://github.com/FoundationAgents/MetaGPT) contains a command injection vulnerability in its Mermaid diagram rendering functionality. The issue stems from unsafe handling of the `mermaid.path` configuration value, which is used to specify the path to the Mermaid CLI executable.
An attacker who can control the `mermaid.path` setting in `config.yaml` can inject arbitrary shell metacharacters. Two code locations are vulnerable:
1. `metagpt/utils/common.py` - `check_cmd_exists()` passes the path directly to `os.system()`.
2. `metagpt/utils/mermaid.py` - `mermaid_to_file()` builds a shell command using `asyncio.create_subprocess_shell()` and concatenates the path into the command string.
Because the path is not sanitized or treated as an argument list, shell syntax such as `;`, `|`, or `$()` is interpreted by the underlying shell. This allows arbitrary command execution in the security context of the MetaGPT process.
No special Mermaid input is required; the vulnerability is triggered whenever the `nodejs` Mermaid engine is active and a diagram is rendered. The issue is not in Mermaid CLI itself but in how MetaGPT constructs the execution command.
Impact: Remote code execution if an attacker can modify the configuration file or supply a crafted configuration through other means (e.g., via a compromised workspace or supply chain attack).
Affected versions: All versions up to the latest release (0.8.2) at the time of discovery (no fix has been released). The vulnerability is present wherever `mermaid.engine = "nodejs"` is used and `mermaid.path` is configurable. |
|---|
| Fonte | ⚠️ https://www.notion.so/asuka39/MetaGPT-Command-Injection-via-Mermaid-path-Configuration-35fe35b8556880b29113c8c1b414a8b2?source=copy_link |
|---|
| Utilizador | ASUKA39 (UID 70397) |
|---|
| Submissão | 13/05/2026 08h28 (há 26 dias) |
|---|
| Moderação | 06/06/2026 17h55 (24 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 369074 [FoundationAgents MetaGPT até 0.8.2 metagpt/utils/common.py check_cmd_exists mermaid.path Elevação de Privilégios] |
|---|
| Pontos | 20 |
|---|